Sweden Breach Shows the Security Risks of National Digital ID Systems

A hacker group calling itself ByteToBreach has posted what it claims is source code stolen from CGI’s Swedish division. Among the allegedly compromised systems: the codebase powering BankID logins for the Swedish Tax Agency.

It’s a ransacked filing cabinet inside the architecture of a country that digitized itself completely, then discovered the cost of doing so.

BankID is the single authentication layer Swedes use for nearly everything: government services, banking, digital signatures, and tax filings.

Over 8.6 million people in a country of just over 10 million run their digital lives through it. That’s a national dependency, a single point of failure dressed up as infrastructure modernization.

The dump appeared on Breached.

Journalists at Dagens Nyheter reviewed portions of the leaked material and reported finding source code, passwords, and encryption keys. Breached was taken offline over the weekend as part of a cybersecurity operation, limiting independent verification.

Also reportedly being sold separately: databases containing Swedish citizens’ personal data and electronic signature documents. The breach exposes a layered vulnerability.

CGI confirms it, but frames it narrowly

Cyberattack on vehicle breathalyzer company leaves drivers stranded across the US

A cyberattack on a U.S. vehicle breathalyzer company has left drivers across the United States stranded and unable to start their vehicles.

The company, Intoxalock, says on its website that it is “currently experiencing downtime” after a cyberattack on March 14. Intoxalock sells breathalyzer devices that fit into vehicle ignition switches and are used by people who are required to provide a negative alcohol breath sample to start their car.

Intoxalock spokesperson Rachael Larson confirmed to TechCrunch that the company had been hit by a cyberattack. Larson said the company took steps to “temporarily pause some of our systems as a precautionary measure.”

These breathalyzer devices need to be calibrated every few months or so, but the cyberattack has left Intoxalock unable to perform these calibrations. The company said customers whose devices require calibration may experience delays starting their vehicles.

Drivers posting on Reddit say that cars are unable to start if they miss a calibration, effectively locking drivers out of their vehicles.

According to local news reports across Maine, drivers are experiencing lockouts and some have been unable to start their vehicles. One auto shop in Middleboro told WCVB 5 in Boston that it has had cars parked in its lot all week due to the cyberattack.

News reports from across the United States show drivers are affected from New York to Minnesota, and drivers have been unable to drive because their vehicle-based breathalyzers cannot be immediately calibrated.

Intoxalock would not say what kind of cyberattack it was experiencing, such as ransomware or if there was a data breach, or whether it had received any communications from the hackers, including any ransom demands. The company’s technology is used in 46 states, its website says, and it claims to provide services to 150,000 drivers every year.

Intoxalock did not provide an estimated timeline for its recovery.

Researchers uncover iPhone spyware capable of penetrating millions of devices

A powerful software exploit capable of penetrating and stealing information from potentially hundreds of millions of Apple (AAPL.O) iPhones was planted on dozens of websites in Ukraine in recent weeks, researchers said on Wednesday.

The discovery marks the second time this month that researchers have found spyware targeting iPhones and other Apple devices. Together, the two hacking tools show that the market for sophisticated malware capable of stealing data and cryptocurrency wallet information is flourishing, researchers said.

Researchers with cyber firm Lookout, mobile security firm iVerify and Alphabet’s (GOOGL.O) Google published coordinated analyses of the malware they dubbed “Darksword.” On March 3, Google and iVerify revealed a separate powerful iPhone spyware called “Coruna.” Researchers found Darksword hosted on the same servers.

“There’s now a verified pipeline of recent exploits … that have ended up in the hands of potentially criminal entities with a financial focus,” said Justin Albrecht, principal researcher with Lookout.

Declassified Doc Confirms China Did, in Fact, Breach US Election Security Leading up to 2020 Election

With Republicans working to pass the SAVE America Act in the Senate to safeguard election integrity, a new report out of Washington is highlighting a potential danger to American elections that Democrats don’t want to talk about.

And it turns out there’s a good reason for that — since it could cast a shadow over Joe Biden’s victory in the 2020 vote that has never quite set right with the American right.

It’s a danger that comes from the People’s Republic of China — the United States’ most dangerous enemy on the global stage.

According to a document obtained by Just the News, and confirmed with officials who had knowledge of the investigation, Beijing was able to electronically infiltrate unidentified American election systems as part of a cyber-espionage campaign.

“[Redacted] Chinese intelligence officials analyzed multiple U.S. states’ [Redacted] election voter registration data, [Redacted] to conduct public opinion analysis on the 2020 US general election,” a portion of an April 2020 National Intelligence Council document stated.

The memo, titled “Cyber Operations Enabling Expansive Authoritarianism,” was “quietly declassified” in 2022, but received no attention from either President Joe Biden’s administration or from the establishment media.

“That means six years later that the U.S. intelligence community has yet to fully inform the American people or the Congress on the breadth of evidence it possesses of China’s actions, how Beijing got the data, and what operations it has taken or contemplated,” wrote Just the News founder John Solomon and chief investigative correspondent Jerry Dunleavy.

Britain had meltdown when China hacked voter files, but U.S. intel kept it secret in America

The United States expressed outrage when Great Britain revealed two years ago that its voter registration databases were hacked by China in what became a global scandal. But it turns out the U.S. intelligence harbored its own secret at the time, knowing since 2020 that Beijing also gained access to American voter registration data, according to documents reviewed by Just the News and interviews with officials with direct knowledge.

“[Redacted] Chinese intelligence officials analyzed multiple U.S. states’ [Redacted] election voter registration data, [Redacted] to conduct public opinion analysis on the 2020 US general election,” stated a once highly classified April 2020 National Intelligence Council memo entitled “Cyber Operations Enabling Expansive Authoritarianism.” 

You can read that document here.

NICM-Declassified-Cyber-Operations-Enabling-Expansive-Digital-Authoritarianism-20200407–2022.pdf

That memo, heavily redacted and quietly declassified by the Biden administration two years after it was written, has escaped most public notice.

That means six years later that the U.S. intelligence community has yet to fully inform the American people or the Congress on the breadth of evidence it possesses of China’s actions, how Beijing got the data, and what operations it has taken or contemplated. 

The gap in public knowledge is particularly politically sensitive as the Senate this week debates a new election security bill that is a top priority for President Donald Trump. Officials told Just the News that Director of National Intelligence Tulsi Gabbard and CIA Director John Ratcliffe are working to declassify a potentially explosive tranche of documents showing what China did, and who in U.S. government knew and when.

The secrecy surrounding China’s access to voter registration has been so persistent that even Republican National Committee Chairman Joe Gruters, President Donald Trump’s point man for the 2026 mid-term elections, said he was unaware of the intelligence. “What’s crazy is the fact that China has access to these voter rolls, but we don’t,” Gruters told John Solomon Reports podcast in an episode set to air Tuesday.

Foreign Hacker Cracked Into FBI’s Epstein Files In 2023, Was ‘Disgusted’ At Child Sexual Abuse

A foreign hacker broke into a server at the FBI’s New York Field Office and ‘compromised files relating to the FBI’s investigation of the late sex offender Jeffrey Epstein’ in 2023, Reuters reports. 

According to the FBI, the intrusion was an “isolated” cyber incident – though not to be confused with a different cybersecurity incident involving a sensitive internal network used to manage wiretaps and FISA warrants.

“The FBI restricted access to the malicious actor and rectified the network. The investigation remains ongoing, so we do not have further comments to provide at this time,” the agency said in a statement.

Reuters’ source claimed that the intrusion ‘appeared’ to be carried out by an individual cybercriminal as opposed to a foreign government (source: trust us bro, we’re here to help).

The New Hack

The official story: The hack occurred after a server at the Child Exploitation Forensic Lab in the FBI’s NY Field Office was inadvertently left vulnerable by Special Agent Aaron Spivack – who was attempting to figure out how to handle digital evidence within the bureau’s system. 

A timeline written by Spivack and included in the large cache of Epstein documents released earlier this year said the break-in happened on February 12, 2023. It was discovered the following day when Spivack turned on his computer and discovered a text file warning him that his network had been compromised, according to that document.

Further investigation turned up traces of unusual activity on the server, the document said, adding that the activity “included combing through certain files pertaining to the Epstein investigation.” –Reuters

The report does not say which specific files were accessed, whether the hacker actually downloaded anything, or who the hacker was, nor could Reuters determine what overlap, if any, the affected files had with the recent DOJ Epstein file drops.

The hacker expressed ‘disgust at the presence of child abuse images on the device and left a message threatening to turn its owner over to the FBI,’ not realizing that they had accessed the actual FBI. They eventually convinced the hacker, who joined a video chat where they flashed their law enforcement credentials in front of a web camera. 

Spivak says he’s being made “a scapegoat for the intrusion,” and that conflicting FBI policies and poor guidance around information technology were to blame.

Interestingly, Spivak was mentioned in an Epstein files email from after the financier’s death, which was sent to multiple recipients. In it, someone says:

Hi team,

Aaron Spivak from the FBI (cc’d) has a new file for the Maxwell case that he needs to send to us. Would one of you please coordinate with him to get it via USAfx, then let me know when we have it?

Thanks so much,

EFTA00154980

The FBI breach was first reported by CNN and Reuters on February 17; however, the Epstein connection was made by the French magazine Marianne.

Epstein files were allegedly compromised by foreign hacker in 2023; FBI admits ‘cyber incident’

The FBI Field Office in New York produced myriad documents pertaining to its criminal probe into child sex offender Jeffrey Epstein. Attorney General Pam Bondi suggested in a Feb. 17, 2025, letter to FBI Director Kash Patel that “thousands of pages of documents related to the investigation and indictment of Epstein” were stored on site there.

Some of these documents were allegedly compromised in a hack years before the Department of Justice began publishing the heavily redacted Epstein files.

The bureau revealed in 2023 that it was investigating a hack of its computer network, which it characterized as an “isolated incident that has been contained.”

Multiple sources briefed on the matter told CNN at the time that FBI officials suspected the incident involved a bureau computer system used in the investigations of images of child sexual exploitation.

FBI is probing ‘suspicious’ breach into bureau networks

The FBI is investigating a possible cyber breach into bureau networks, the agency confirmed to Nextgov/FCW.

“The FBI identified and addressed suspicious activities on FBI networks, and we have leveraged all technical capabilities to respond,” the bureau said Thursday. The statement did not elaborate further.

CNN first reported the incident and said the breach concerned a network used to facilitate and manage court-ordered wiretapping requests, citing a person familiar with an investigation into the matter. Nextgov/FCW could not independently confirm the matter was linked to wiretap systems.

Wiretaps are a common law enforcement technique used to lawfully intercept communications data on domestic targets. To obtain data, FBI analysts are typically required to obtain a warrant from a judge, allowing them to compel communications providers to hand over call, text or email data tied to a target. Specialized court orders can also allow for real-time surveillance of phone calls.

The FBI is also a heavy user of a communications intercept law housed in Section 702 of the Foreign Intelligence Surveillance Act, which lets certain agencies target overseas foreigners’ communications without a warrant. 

Telecom providers’ “lawful intercept” wiretapping systems were ensnared in a sweeping Chinese hack uncovered in 2024. The hackers, tied to a group called Salt Typhoon, leveraged the intrusions to target communications of high-profile political officials including President Donald Trump and Vice President JD Vance.

Foreign adversaries may, at any point in time, be targeting U.S. government systems. Wiretap contents are especially high-value intelligence targets because they could reveal sensitive information about what officials are thinking or planning.

It’s not clear if Salt Typhoon or another collective tied to foreign hackers was involved in the incident. Salt Typhoon is likely holding onto pilfered data “in perpetuity” for future theft and cyber exploitation, a top FBI official said last month.

The FBI has lost many of its staff in the last year amid a mix of firings and other mechanisms used by the second Trump administration to curtail the size of the federal workforce. That turnover has threatened the bureau’s national security resources, experts argue.

Hacked Tehran Traffic Cameras Fed Israeli Intelligence Before Strike On Khamenei 

Years before the air strike that killed Ayatollah Ali Khamenei, Israeli intelligence had been quietly mapping the daily rhythms of Tehran. According to reporting by the Financial Times (paywalled), nearly all of the Iranian capital’s traffic cameras had been hacked years earlier, their footage encrypted and transmitted to Israeli servers. One camera angle near Pasteur Street, close to Khamenei’s compound, allowed analysts to observe the routines of bodyguards and drivers: where they parked, when they arrived and whom they escorted. That data was fed into complex algorithms that built what intelligence officials call a “pattern of life,” detailed profiles including addresses, work schedules and, crucially, which senior officials were being protected and transported. The surveillance stream was one of hundreds feeding Israel’s intelligence system, which combines signals interception from Unit 8200, human assets recruited by the Mossad and large-scale data analysis by military intelligence.

When US and Israeli intelligence determined that Khamenei would attend a Saturday morning meeting at his compound, the opportunity was judged unusually favorable. Two people familiar with the operation told the FT that US intelligence provided confirmation from a human source that the meeting was proceeding as planned, a level of certainty required for a target of such magnitude. Israeli aircraft, reportedly airborne for hours, fired as many as 30 precision munitions. The strike was carried out in daylight, which the Israeli military said created tactical surprise despite heightened Iranian alertness. The Financial Times reports that the assassination was a political decision as much as a technological feat. Even during last year’s 12-day war, when Israeli strikes killed more than a dozen Iranian nuclear scientists and senior military officials and disabled air defences through cyber operations and drones, Israel did not attempt to kill Khamenei.

The capability to do so, however, had been built over decades. Former Mossad official Sima Shine told the FT that Israel’s strategic focus on Iran dates back to a 2001 directive from then-prime minister Ariel Sharon instructing intelligence chief Meir Dagan to make the Islamic Republic the priority target. What distinguishes the latest operation, according to the FT, is the scale of automation. Target tracking that once required painstaking visual confirmation has increasingly been handled by algorithm-driven systems parsing billions of data points. One person familiar with the process described it as an “assembly line with a single product: targets.”

AI overlords of the world hacked: Fallout from the massive Palantir breach

Palantir Technologies has been hacked, according to well-known blogger Kim Dotcom. The company develops software for intelligence and big data analysis. 

Palantir (named after the magical ‘seeing stones’ from ‘The Lord of the Rings’) doesn’t engage in surveillance in the conventional sense using spies, cameras, or bugs. Instead, it develops software that is sold to government agencies, military organizations, and large corporations.

Clients (like the CIA or the German police) upload all their data, and Palantir (its primary platforms are Gotham for military purposes and Foundry for business) then utilizes AI to transform this chaotic information into a coherent picture.

Essentially, it creates a ‘digital twin’ of reality, revealing connections that analysts could have never recognized on their own: for example, that a terrorist had called the cousin of someone who recently transferred money to a suspicious account.

The claims about wiretapping Trump and Musk are likely untrue or highly exaggerated. However, there’s no doubt that Palantir serves as a massive surveillance mechanism for monitoring America’s adversaries (and not only). It is an “operating system for war and intelligence,” providing agencies with a supercomputer that can see everything. But it’s the agencies themselves that feed this computer with data.
